Showing posts with the label Privacy

When Technology Becomes Weaponized and the Target is You

“Technology is a wonderful thing but it’s scary when it’s weaponized against you.” The first sign that my wife’s identity and my own were under attack came innocently enough. It was an e-mail alert that we get from time to time from Comcast, so innocent that I almost ignored it. But it said our password had been changed. When we tried to log in to download e-mail, the system indicated the password was incorrect. “That’s weird”, we thought. I mean, we have two factor authentication on it so that if someone DOES try to change the password, shouldn’t they need a code? So I called Comcast and was assured repeatedly that our password wasn’t changed and our account was not compromised. They said it was a phishing exercise and the e-mails were fake too. As for the account access, they said that someone may have just tried to access it but they were unsuccessful. Comcast easily reset the password for me and since two factor a...

Two New Privacy Developments for Employers to Tackle

With a weekend of football championships behind us, this post tackles the privacy developments that employers here in Connecticut need to run down. Indeed, while I could just pass off two recent posts from my colleagues, it’s worth going through a progression of options. One development is for the U.S. “patriots”, while another one lets you fly like an eagle to Europe to understand the implications that an EU regulation can have on US employers. Since my beloved New York football giants were out of it since week one, I’m going to just quarterback what you need to know and, for the sake of everyone, put the football puns on the sideline for the rest of the post. First up, the Connecticut Supreme Court last week recognized a private right of action that patients have against their doctors for unauthorized disclosure of confidential information obtained in the course of that relationship.”  My colleagues in the Health Law group have a deta...

Are You Really Protecting Your Employee’s Data?

Do you remember when the Target store data breach made news? This was not that long ago, and yet, five years later we’ve arguably become immune to the news. Take Facebook’s latest snafu — 50 million accounts compromised.  And yet, it hardly made headlines for a 24 hour period. Heck, even the U.S. State Department has had personal information about its employees breached in the last month — though “only” one percent may have been affected – so…yawn. Have we become that immune to such breaches at this point?  Perhaps. But that doesn’t mean that employers can let their guard down. Indeed, I would argue that new laws and regulations (including one in California) are making the job of employers even more challenging. I’ll be talking about all of this at my firm’s upcoming Labor & Employment Seminar later this month with my colleague Ashley Marshall.  It’s scheduled for October 25th at the Hartford Mar...

Five Questions With … Doug Smith, SVP at Tallan, on Artificial Intelligence and Analytics in the Workplace

As I noted last week, I’ll be talking at CBIA’s Employment Law Conference on the topic of “Artificial Intelligence & Analytics for HR: Recruiting, Retention & Engagement” next month. Joining me on the panel is Doug Smith, the SVP Client Delivery at Tallan, which has offices in the Greater Hartford area. I thought it might be enlightening to ask Doug a few questions about AI and Analytics in the Workplace before our talk. He was gracious enough to humor me with answers to my questions. Really looking forward to our discussion in two weeks. In any event, here’s a return of my ongoing Five, Six Questions Series…. Is there really a place for data analytics in HR? Definitely. It has the most impact in larger companies, but even the smaller companies can gain insight by tracking and analyzing their data. It’s amazing what you can find when you start to really look. Fair enough. What are the opportunities? There ar...

Digital Contact Tracing: Employers Seeking Panacea Should Be Cautious

Have you ever walked into a store, only to have your phone alert you to deals that the store was having? How did it know? Turns out many phones have Bluetooth Low Energy or BLE, for short. This technology transmits information like a beacon to things like stores or other physical places, but also to other phones. Now imagine that your phone could alert other phones that are nearby that the user of the phone had a confirmed diagnosis for COVID-19. Is that a good thing or a bad thing? That’s the premise of a new article by Christopher Luise, Co-CEO at Adnet Technologies, LLC here in Connecticut that I was able to co-write with him. The ability to do contact tracing digitally — that is, identify people who are carrying infectious diseases and the people they may have exposed — is something being seriously explored by several technology companies in the United States. It is already being implemented in Australia and Singapore, to name a few. For employers, the...

When employee consent is the start of the problem, not the end – the GDPR shows some teeth

The Greek Data Protection Authority has imposed a 150,000 EUR fine on PriceWaterhouseCoopers Business Solutions SA for – get this – asking their employees’ consent to process their personal data. It may strike you as counterintuitive (and going against everything your mother ever told you) that asking consent could get you into trouble, but where personal data are concerned, so it would appear to be. As you know, each data processing activity has to have a legal basis. The principles of lawful, fair and transparent processing of personal data under the GDPR require that consent be used as a legal basis only where the other legal bases do not apply. The case at hand involved the processing of employees’ personal data. In most cases, this type of processing by an employer does not require consent, as there are other bases available: the performance of the (employment) contract: in order to employ an employee, you will inevitably be required to process some of ...

New York Strengthens Data Privacy and Security Protections: Employers Must Adopt Safeguards (US)

Joining the growing list of states enacting privacy and data security laws, on July 25, 2019, New York’s governor signed into law the “Stop Hacks and Improve Electronic Data Security” Act (the “SHIELD Act”), amending the state’s data breach notification and cybersecurity law. The SHIELD Act applies to “any person or business that owns … computerized data which includes private information,” regardless of corporate structure, revenues or location. As such, the SHIELD Act will apply to not only businesses and employers in New York, but may also apply to businesses and employers with no physical presence in New York. The SHIELD Act imposes more expansive data security and data breach notification requirements on companies by: Broadening the scope of “private information” covered under the notification law to include personal information (such as a social security number or driver’s license number), biometric informati...

Private investigations video doesn’t leave employer in dire straits (EU)

In January 2018 we wrote about Ribalda –v- Spain, a European Court of Human Rights case in which a number of supermarket employees were awarded compensation for breach of their privacy rights. They had been stealing quite handsomely from their employer over some months, as they freely admitted, but nonetheless thought it entirely improper that the supermarket should be allowed to use covert video footage of them to prove it. The first chamber of the ECHR found that the installation of covert video surveillance without notice to the employees (as notionally required under Spanish law) amounted to a disproportionate interference with their rights under Article 8 of the European Convention (in summary, to respect for one’s private life), hence the compensation. One judge alone, Judge Dedov, railed against this – the employees had lost their right to privacy when they decided to steal, he said, and so deserved everything they had got, which was sacked. The matter th...

ICO tightens screw on DSAR deadlines, possibly (UK)

Unheralded and unannounced, recently revised GDPR guidance from the ICO removed one small source of comfort for employers facing DSARs from employees. It used to say that the 30-day time limit was paused, the clock stopped, if you asked the requester for information to clarify his DSAR and it was not provided. This was not carte blanche to delay things – the request for clarification had to be made as soon as possible (i.e. not Day 29) and it had to relate to information you genuinely and reasonably needed in order to comply with the DSAR. Still, it was better than nothing in a tight corner. You also had to do your best to comply in a timely manner with those parts of the DSAR not covered by your request for further information. However, it has now gone. The revised guidance still allows you to seek clarity from the maker of the DSAR but makes it clear that the clock is not stopped pending receipt of it. There is no explanation of why the original guidance has been changed alread...

More Handbook Guidance: NLRB Shows When It Will Uphold Policies Regarding Confidentiality, Cell Phones, and Email Usage

Since the National Labor Relations Board issued the precedent-changing Boeing Company decision in late 2017, the Board has continuously illustrated when employment policies will survive scrutiny under the National Labor Relations Act. Recently, in Argos USA LLC, the Board clarified its position about three common types of employment agreements or policies, i.e., those concerning confidentiality, use of an employer’s e-mail system, and the possession of cell phones in certain workplace areas. As background, the Board has recognized for decades that employment policies may violate the NLRA if they limit or prohibit ‘protected concerted activities,’ i.e., efforts by employees to improve group working conditions (including, but not limited to, union activities). A policy can violate the NLRA in this regard even if it is ‘facially neutral’ and does not explicitly prohibit union activities or other protected concerted activities. In Boeing, ...

Coronavirus questions for employers, Part 1 (UK)

The big-picture information about Coronavirus being issued by the Government at present is all well and good, but it does not (in fairness, cannot) address the multitude of little spin-off questions arising for employers every day. We held a webinar on this earlier this week, with members of our Employment, Commercial, Data and Health & Safety teams reflecting the sheer breadth of the likely impact of Covid-19 on working society. A large number of questions were submitted through the webinar portal-thingy – in the first of a series, here are some of them and our suggested responses. However, Boris’ speech yesterday reminds us that this is not just a business problem but also a human one, and on a potentially colossal scale. The law was not designed for these unprecedented times and so it will occasionally struggle to provide a convincing answer. Let us do what we can. Are you allowed to disclose employees’ medical information to protect others, for example, by telli...

Welcome pragmatism from UK’s ICO on disclosure of employees’ virus exposure

Some new clarification from the Information Commissioner’s Office yesterday about that grey area between individual privacy rights on the one hand and the public interest on the other. Against the background of the Coronavirus crisis (and perhaps recognising that any other position would be politically terminal), the ICO has made it clear that even though information about a person’s exposure to or infection by the virus is the most sensitive of sensitive personal data, disclosures of that information as necessary in the reasonable interests of wider public health will in broad terms go through on the nod. The ICO states itself in its press release to be “a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern. Regarding compliance with data protection, we will take into account the compelling public interest in the current health emergency”. Of course, that does not mean that the overriding principle ...

More promise than reality in ICO guidance on refusing DSARs (UK)

Just flicking idly through the ICO’s new guidance the other evening, as you do when the only alternative is Ant & Dec, and two paragraphs caught my eye. In the section relating to DSARs which are “manifestly unfounded” (and can therefore be batted away by the employer) appear two examples, where: “the individual clearly has no intention to exercise their right of access. For example, an individual makes a request but then offers to withdraw it in return for some sort of benefit from the organisation”; and “the request is malicious in intent and is being used to harass an organisation with no real purpose other than to cause disruption”. There will be few employers on the receiving end of a DSAR from a disgruntled employee who would not consider either or both of those paragraphs to apply to it. So is this at last a means of pushing back against the weaponisation of DSARs in employment disputes, hooray? And if you add to that the refere...

Top 10 Employee Benefits Issues in a Slowing Economy (US)

The changes in the economy brought on by coronavirus disease 2019 (COVID-19), commonly known as the “coronavirus,” present challenges to employers trying to manage their greatest resource – employees. A cross-practice team involving our Tax Strategy & Benefits, Labor & Employment and Data Privacy & Security lawyers have published this alert that identifies some of the top employee benefits issues for employers to be aware of in this ever-changing environment. Read PDF: Top 10 Employee Benefits Issues in a Slowing Economy

The Australian Government wants workplaces to be “COVID-safe”, but this doesn’t mean employers can require employees to download the COVIDSafe App

In a bid to reawaken the Australian economy, the Federal Government is developing a return to work health and safety “toolkit” and is encouraging workplaces to become “COVID-safe”. At the same time, the Government is continuing to encourage the public to download its COVIDSafe digital contact-tracing App. As recently reported by our Data Privacy & Cybersecurity team, the App is designed to record Bluetooth “digital handshakes” between app users’ mobile phones. If an App user tests positive for COVID-19, they are asked to upload this data to the National COVIDSafe Data Store for the purpose of tracing community transmission of the virus. The Government is touting widespread use of the App as essential to the lifting of social distancing restrictions. In light of this message many employers will be urging their employees to download the App, in the hope of returning to normal business as soon as possible. However, any employer attempting to ...